liquid_feedback_frontend
view config/_ldap_ad.lua @ 1783:64ff321f62c4
Translations updated
| author | bsw | 
|---|---|
| date | Tue Oct 19 14:47:28 2021 +0200 (2021-10-19) | 
| parents | 3fb752f4afcb | 
| children | 
     --- Render every byte of `s` as a backslash followed by two lowercase hex digits.
     -- This is the `\xx` form that RFC 4515 uses for arbitrary octets in an LDAP
     -- search filter. The output contains only backslashes and hex digits,
     -- whatever bytes the input holds.
     -- @tparam string s raw byte string (uid_map passes a binary objectGUID value)
     -- @treturn string one `\xx` triple per input byte; "" for an empty input
     local function str2hex(s)
       local escaped = {}
       for pos = 1, #s do
         escaped[pos] = string.format("\\%02x", s:byte(pos))
       end
       return table.concat(escaped)
     end
     -- DN of the Active Directory group that both grants access (allowed_map) and
     -- confers privileges (privilege_map). Kept in one place so that the access
     -- check and the privilege assignment cannot drift apart when it is edited.
     local LF_USER_GROUP_DN = "CN=LiquidFeedback User,CN=Users,DC=example,DC=org"

     -- Example LDAP / Active Directory authentication settings.
     config.ldap = {
       -- Directory servers to contact.
       -- NOTE(review): the URIs use the plain ldap:// scheme together with
       -- tls = true, presumably StartTLS. Confirm that the LDAP client verifies
       -- the server certificate; without that, the service bind password and the
       -- users' passwords are exposed to anyone able to intercept the connection.
       hosts = {
         { uri = "ldap://192.168.1.1", tls = true, timeout = 5 },
         { uri = "ldap://192.168.1.2", tls = true, timeout = 5 }
       },
       -- Search base for user entries.
       base = "CN=Users,DC=example,DC=org",
       -- Service account used for the directory bind. "secure" is a placeholder
       -- and must be replaced. The real password sits in this file in clear text,
       -- so keep the file readable only by the application user, keep the real
       -- value out of version control, and give the account read-only access
       -- limited to the attributes listed in fetch_attr.
       bind_as = { dn = "CN=LiquidFeedback Service,CN=Users,DC=example,DC=org", password = "secure" },
       member = {
         registration = "auto",
         scope = "subtree",
         -- Lower-cases the login name.
         login_normalizer = function (login)
           return login:lower()
         end,
         -- Builds the search filter for a login name. The login is user-supplied,
         -- so it goes through ldap.escape_filter before being placed in the
         -- filter; keep that call when adapting this function.
         login_filter_map = function (login)
           return "(sAMAccountName=" .. ldap.escape_filter(login) .. ")"
         end,
         -- Returns the first sAMAccountName value of the entry.
         login_map = function (ldap_entry)
           return ldap_entry.sAMAccountName[1]
         end,
         -- Builds the search filter for a stored uid. The uid is inserted WITHOUT
         -- escaping: this is only safe while every uid is the output of str2hex()
         -- as produced by uid_map below (backslash-hex triples only).
         -- NOTE(review): confirm no other code path can supply this value;
         -- presumably running it through ldap.escape_filter would escape the
         -- backslashes again and break the lookup.
         uid_filter_map = function (uid)
           return "(objectGUID=" .. uid .. ")"
         end,
         -- Derives the uid from the binary objectGUID, already in filter-escaped
         -- form.
         uid_map = function (ldap_entry)
           return str2hex(ldap_entry.objectGUID[1])
         end,
         -- Returns true only if a memberOf value equals LF_USER_GROUP_DN exactly.
         -- The comparison is case-sensitive and byte-exact, so a DN returned with
         -- different case or spacing is rejected (fails closed). Active Directory
         -- lists only direct memberships in memberOf, so nested-group and
         -- primary-group membership is not recognized here.
         allowed_map = function (ldap_entry)
           local groups = ldap_entry.memberOf
           if not groups then
             return false
           end
           for _, group in ipairs(groups) do
             if group == LF_USER_GROUP_DN then
               return true
             end
           end
           return false
         end,
         -- Attributes requested from the directory; every attribute read by the
         -- mapping functions in this table must be listed here.
         fetch_attr = { "sAMAccountName", "objectGUID", "givenName", "name", "displayName", "memberOf" },
         -- Copies directory attributes onto the member record.
         -- NOTE(review): givenName, name and displayName are indexed without a
         -- nil check. The memberOf guard in allowed_map suggests that absent
         -- attributes come back as nil, in which case an entry lacking one of
         -- them raises an error here. Confirm how the caller handles that.
         attr_map = function (ldap_entry, member)
           local given_name = ldap_entry.givenName[1]
           local full_name = ldap_entry.name[1]
           member.identification = given_name .. " " .. full_name
           member.name = ldap_entry.displayName[1]
         end,
         -- Returns one privilege record (unit 1, voting and polling rights) for
         -- each memberOf value equal to LF_USER_GROUP_DN, or an empty list when
         -- none matches. `member` is accepted but not used.
         privilege_map = function (ldap_entry, member)
           local privileges = {}
           for _, group in ipairs(ldap_entry.memberOf or {}) do
             if group == LF_USER_GROUP_DN then
               privileges[#privileges + 1] =
                 { unit_id = 1, voting_right = true, polling_right = true }
             end
           end
           return privileges
         end,
         -- NOTE(review): presumably keeps a local verifier of the LDAP password
         -- so that logins work without contacting the directory. Confirm how it
         -- is stored and that an account disabled or removed in the directory
         -- cannot keep logging in from the cache.
         cache_passwords = true,
         locked_profile_fields = { name = true }
       }
     }
